[Samba] freeradius + NTLM + samba AD 4.5.x

Andrew Bartlett abartlet at samba.org
Tue Mar 27 00:32:46 UTC 2018

On Mon, 2018-03-26 at 13:37 +0100, Rowland Penny via samba wrote:
> Have you ever heard of 'wannacry' ? or to put it another way 'VERY
> insecure'

To be clear, NTLMv1 and wannacry are unrelated.  (Wannacry/wannacrypt
used an SMBv1 exploit, but NTLMv1 is negotiable without SMBv1).

NTLMv1 is quite insecure, in that it was 24 hours and 100 USD of cloud
credit to crack a couple of years back.

Avoiding both is of course still a really good idea.  

SMBv1 isn't so much an insecure protocol as that SMBv2 has the fortune
of being implemented more recently, after coding techniques improved
both in the Samba Team and at Microsoft (and SMBv2 has some good
security features in the more recent versions).  

So, retiring SMBv1 allows us to retire a lot of code that was written
in the 1990's, which is a good thing. 

I hope this clarifies things,

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list